![](/img/trans.png)
[英]Why do I have to add the server SSL certificate if my client program is in Java and not when it is in C#?
[英]Why do I receive a connection reset when I tried to accept my SSL certificate using HTTPclient?
我試圖接受我的證書來測試我的REST API。 為此,我嘗試了:
SSLContext sslcontext = SSLContexts
.custom()
.loadTrustMaterial(new File(KEYSTORE_PATH), KEYSTORE_PASSWORD,
new TrustSelfSignedStrategy()).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext, new String[] { "TLSv1" }, null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
CloseableHttpClient closeableHttpClient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build();
try {
HttpPost postRequest = new HttpPost(BASE_URL);
CloseableHttpResponse response = closeableHttpClient
.execute(postRequest);
// try {
HttpEntity entity = response.getEntity();
EntityUtils.consume(entity);
// } finally {
// response.close();
// }
} finally {
closeableHttpClient.close();
}
當我執行closeableHttpClient.execute(postRequest);
時發生錯誤closeableHttpClient.execute(postRequest);
變量是:
private static final String KEYSTORE_PATH = System.getProperty("java.home")
+ "/lib/security/cacerts".replace('/', File.separatorChar);
private static final char[] KEYSTORE_PASSWORD = "changeit".toCharArray();
private static final String BASE_URL = "http://localhost:9010/api";
注意:我沒有域名,我在localhost上。 如果我很好地理解了錯誤,那是我的SSLConnectionSocketFactory關閉得太早了。 但是我不知道如何以及為什么。
編輯:我正在使用HTTPClient。 如果將端口HTTP更新為HTTPS, javax.net.ssl.SSLPeerUnverifiedException: Host name 'localhost' does not match the certificate subject provided by the peer
收到另一個錯誤: javax.net.ssl.SSLPeerUnverifiedException: Host name 'localhost' does not match the certificate subject provided by the peer
我在這里找到解決方案: javax.net.ssl.SSLPeerUnverifiedException:主機名與對等方提供的證書主題不匹配我的代碼現在是:
SSLContext sslcontext = SSLContexts
.custom()
.loadTrustMaterial(new File(KEYSTORE_PATH), KEYSTORE_PASSWORD,
new TrustSelfSignedStrategy()).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext, NoopHostnameVerifier.INSTANCE);
final Registry<ConnectionSocketFactory> registry = RegistryBuilder
.<ConnectionSocketFactory> create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf).build();
final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(
registry);
cm.setMaxTotal(100);
它正在工作,但我仍在努力(了解並確定我是否可以做其他事情/更好)! 謝謝
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.